And so it begins again...
"Be critical in your research and your thinking. Don't seek permanent comfort, but rather, seek the challenge to adapt. And when it is all done, start again."
As technology solutions grew, I transitioned from one platform/network to another, looking to make life easier and have quicker access to what I needed. This led me to using a highly centralised, but very convenient digital life. However, along the way, I was giving something up which I was not aware of. And no, not just my privacy (which is a huge issue globally), but something more important than that. In my technological life, I got comfortable, I compromised, I decided to not care, I had reached a very convenient life which gave up my necessity to learn. It was time to take responsibility of my data, my security, the way I interface with technology, the way I use it, so that I can control how it changes me, how it helps me. I was becoming more of a servant to it, rather than it to me. No more.
The reason for this post is to let those I know (and the random reader) what I'm moving towards, so that they can follow these or some of the same solutions if they wish to take back some control of their privacy. As a minimum, I highly encourage you to investigate them because in just opening a few pages and reading something different than you typically would, your own personal education will increase, and possibly help you to take a different perspective to which you have been mostly unaware existed.
As you read my newly compiled digital suite of solutions, keep in mind two things:
One: Your security is precious. You won't care for it until you lose it. This means you need to prepare ahead of time, you can't wait until it is a problem. Even if you trust services, like Google, to secure your data, no one is more interested in your security than you. Centralized services are a treasure hove for malicious actors and organizations are not perfect. We have seen, even lately, how easily and systematically large trusted networks have been taken advantage of. The transition below is about removing the responsibility of others to be the custodian of my data and taking ownership of my own security in this way. I am responsible to continue to learn and adapt. This increases knowledge, which increases choices, which increases quality of life. Also, all of my solutions have been segregated. Meaning, this is quite opposite to the Google services you might be used to in where one login gets you all the integrated and accessible from-any-device solution you might be used to. This is not to say my compiled list can't do that, but each one I use as an individual product and since each one is an individual organisation running it, I have individual accounts for each solution. This increases security as a hacker attaining one login, can only access that specific service, and no other. Since I have taken the effort to create my own algorithm for password generations to which I need no app or password manager to maintain for me. And yes, I have unique complex passwords for each login (This is much easier to do and maintain than you think).
Two: My time and energy is precious. My time is not infinite. Your time is just as important. What I have found is not only more private and more secure solutions, but I've also implemented a structure around how I access them. I've purposely have left my mobile as a bare bones, only having that which was necessary while mobile myself. Anything convenient (like checking email on phone) was removed. That can wait. In fact, by reducing your access and apps and tools and accounts and anything you thought you needed, you will not only gain more security, but also focus, and time in your life. Less time securing them, less time keeping up with changes from them, less time accessing them, and all of this time goes to you. Time to use as you wish, to learn something new, to travel, to write, to read, etc.
I'm upgrading. You should too. Any suggestions or corrections, please comment! This is a dynamic post which I can edit. The more you help me know, the better I can do and help others. This post might be too technical for some, but I believe there's a lot of value between what you find too technical and what's on this page.
This post took nearly half a year to write as I tested each solution... enjoy.
Enough of an intro. Let's start with the criterias I used.
The New Bar
- Open Source = I and the world needs to be able to independently and transparently audit the code behind the software/hardware so as to ensure it is what the creators say they are and intended to do. If I do use a proprietary solution, it is because it is not only sandboxed (secured by my OS) and any input I give it is not tied to my data or security of it, but also because it is temporary since no good alternative exists. Choosing open source is voting for open knowledge. This also typically leads to faster better solutions since we can all work on them.
- End-to-End Encrypted with client side created private keys = This way, I can confirm that no one other than me can actually read my data (aka "no or zero-knowledge"). This also means it is up to you to secure a backup of your access to your account. There is no password reset due to forgotten or lost passwords in this realm.
- (Little to) Nothing in leaking my metadata = Metadata is still data. This is a complex subject but suffice to say, that leaving crumbs behind in this day and age is enough to gather data about you. One of the biggest reasons to use secure software is also to protect others as well. Do not underestimate this: You protect everyone you enteract with by protecting yourself. Your commulative effect of your choices are compounded multiple times!
- Gives back to the IT community = I want to use services that help and propell the world in a good way. We vote each second we use a specific network. We are saying, "this is good. I want more of this. My interaction means grow more please!". I want to ensure that I'm growing a good healthy solution for humanity, and not my personal interests.
- Free (Or as much as possible) = I believe in a structure where a resume (CV) for an IT person is built on a list of contributions to open source software, and not what certification they have. If all schools/companies requested this, then most to all services could be free. However, I am not opposed to paying for good service. Paying is another way to encourage that organisation to keep promoting their open source solutions for the rest of the world, even making it cheaper for everyone as they gain volume. Support the services/apps you use on a monthly basis deviding a set a amount between them all. Like a subscription.
- Mobile compatible = The ability to work on a mobile, although I do forsee a future where mobiles will not exists as we know it. So this is only a temporary valuable service. It is the last thing on the list, and more of a bonus. I have found that reducing usuage on a phone increazse time in life.
Now for the interesting part!
My New Digital Compiled Suite
Tablet/Laptop/Desktop OS (Operating System)
Gold: Linux Mint
Linux won here easily. Why not use the same protected system hackers personally use? Sure there's a bit of a learning curve, but my transition isn't about making things easier right away, but simpler and secure FIRST. Easier comes later.
Linux is just the engine, what about the body? Choosing the body (distro) is not as vital. Distros are flavors, like what a car looks like and how it handles. I don't care the color of my vehicle as long as the locks and engine are solid. So I went with Mint as it has a simple fast desktop called Xfce. Great for bringing back to life older machines and still have all the common accessibilities to what you may use for a Desktop OS (I'll call my "home" machine "desktop" for the purpose of this post to ensure differentiation between mobile (phone) and the computer that stays at home. Yes, I'm reverting to accessing my digital world mostly to one location, at a set time when I choose, not when it chooses for me. You can actually spend less time and do more doing it thise way. Our ancestors were on to something!
Pros:
- Solid, fast, no need for anti-virus.
- You can pick from hundreds of distros for your perusal and specific needs. You can make it look like Windows or a Mac if that's what you want, whilst keeping the hardened strong kernel of linux to secure you.
- "Try-it-before-installing" through Live USB function. See if it even works out of the box for your machine.
Cons:
- First technical issue you might have will most likely send you down a rabbit hole of tech forums and online research. But this is good. You are taking ownership of the changes you want to make, you are using your brain. Each time you will resolve faster and faster. Sometimes you'll give up, but then you'll come back to it with new energy.
Silver Place: elementary OS. A great alternative to which I will need to test more and may even convert to. Since it's a little heavier on the graphics, ideally it's for a newer machine. I like it's simplified approach, but I can still" open the hood" if necessary.
Mobile OS
Gold: CopperheadOS
Who can provide a full open source mobile OS, access to a large array of open source apps, hardened for security and doesn't imprison you in a "walled garden"? Definitely not iOS. Android may come to mind, but the stock OS comes with bloatware which you can't uninstall without rooting. Plus the "open source" Android they used was modified to make it impossible to get rid of the backdoors from Google or other companies. CopperheadOS is a great project that deals with this. Considering that your mobile phone gathers more metadata and records more about you than anything else right now, it is worth putting some time and thought into why you have it, how you use it, etc. This OS helped me to strip down the phone to become only that which I need it for, not what is convenient, interesting or fun. I can leave those things for my desktop OS (again, set time and place to do that stuff, leaving more time for me while I'm living life to live life, not having to be constantly connected and distracted from what is around me). Lose the smartwatch, you don't need it as much as you think you do (You somehow survived just fine without it before they came along!).
Pros:
- Security and privacy focused mobile os.
- Sandboxing for apps, a strong feature if you are going to run closed-source or untrusted apps.
Cons:
- You need to take the time to learn to flash your mobile (A pro in disguise) if you are not going to buy their already configured phones. I highly recommend buying their phones, not flashing it unless you are prepared to brick your phone (if you don't know what you are doing).
- Although I have found an open source replacement for all my (needed) apps, the one I had trouble with was Google Maps. The popular OSM (Open Street maps) is not quite there. So I use Google Maps through my open source browser which keeps me also anonymous as possible.
Silver Place: Android stock OS. Android is open source (but it has been modified to an extent which you cannot remove Google without breaking updates and therefore exposing you to vulenrabilities). However, it can still be modified enough to be more secure than out of the box. It is much better at being more transparent than the other mobile OSs, but the true power of Android stock is it's ability to integrate with Google. And if that's what you want, then a lot of this post won't apply to you other than the knowledge.
Messenger
Gold: Signal
Researching this solution took up the greatest portion of my research time (and reason why it took me so long to begin switching over). This is because of the messenger dilemma. This is such a personal tool (I bet to most people as well). I struggled having complete privacy and security, plus all of the fun features of using it (like group chats, group calls, sending pics, etc). Even my top two choices were neck to neck for the finish line. But unlike a browser, which is independent to the party you are communicating with, I had to take into consideration if others would use it.
Quick note: SMS texting was definitely out. I can't think of a worse most unsecure way to message than that way (Actually yes, probably facebook messenger). Even with the new added features from the carrier companies to texting, it is unencrypted and can be subject to MITM (man-in-the-middle attack). This solution had to be a universal solution. Something I could go to mars and still use as long as I had internet access (not subject to a cell tower). SMS requires you to have a plan for it, and so you are paying for it, even if you have a package deal. This also binds you to a cell plan. My cell plan is $15/month because I outsourced my phone number (VOIP) and don't use SMS (I use a real messenger where I can message from anywhere in the world without extra charges for choosing to go with a carrier network providor). Anyways, onwards... oh, and checkout a good chart in which can help you see how this is not such an easy decision.
Pros:
- Signal met all of my security requirements, especially not leaking metadata (You can even set the app to hide your IP from Signal servers).
- Snowden approved. Non-profit funding. Dedicated developers.
- Has lots of features (voice clips, sending documents, multi-platform, desktop app, etc).
- The registration by phone turned me off at first and it was even kicked off my list for months until I realized that a) Most people are used to registering like this for a messenger like Whatsapp (Whatsapp is horrible in securing you compared to Signal, remember who owns them) and b) You can use a burner number, plus set a pin for your account so that even if you use a burner number, you are not subject to a MITMA if your number is hijacked or used again by someone else.
- The backup is forced encryption, so unlike other messaging apps (I'm looking at you Whatsapp!), it forces others to have it encrypted if they decide to back it up to the cloud, further securing your data from hungry eyes. You protect others with this method as well (Although Signal will automatically backup your data with it, encrypted, you still need to manually upload it to off site solution if you want to keep a record of your messages if you don't have access to your phone anymore).
Cons:
- Not decentralised so it is still dependant on central servers to relay and notify you. However, you own the data.
- Signal messenger beat out my favorite for the past many years (Google Hangouts) in all areas except one: Group calls. It doesn't do it yet. I had to get a second solution for that (more on that below).
- You need to have the EXACT number of whom you want to start a chat with in your contacts or else it only allows you to send a general invite to your contacts to install the app. To clarify, it uses the phone number like an ID. It needs to be able to send a text message to it to verify you own that "ID". So if you want to message someone, you need to have their "ID" (phone number).
Silver Place: Threema. Lost to Signal because it wasn't fully open source, didn't enforce perfect forward secrecy, and no self-destructing messages (although that last one is not too important to me right now). Plus it's a paid app, although paying for it is not the issue, but much harder to get others to adopt.
Group Conferencing
Gold: Jitsi
I got a bonus when I found Jitsi (Meet) because it not only met all of my criterias, it's also anonymous! Although I didn't want to split my messenger into two (I would have rather had one messenger that ruled them all, including replacing email), but to keep in line with the criterias, it required me to do so. To understand how this solution works: Think of this as a house with nearly infinite rooms. Each room can be named whatever you want. But no one owns that room unless the first person that goes in, sets a password. Like in the movies (think of small sliding door and you see their lips say "Password?"). But the last person to leave has to leave it unlocked as you don't own the room, thus leaving it open for anyone now to use that room (name). Very cool concept.
Pros:
- Fast, simple, "large audience" ready (extra features like "Raise hand")
- Can do Picture-in-Picture (PIP) while on a call (but not the host yet :)
- One is able to join by calling a long distance number if needed (and has no app at that moment)
Con:
- If you are the first person to enter the room, you need to remember to set a password so no one else you don't want in there can enter (unless you want to talk with strangers! :)
- Sometimes you go in and find someone you don't know is already there. So ideally, you make a room name that is not pronounceable in any language and it will be doubtful you'll find someone in it when you go to it.
Silver Place: None. Really. I could not find another one that met my bar other than this one and this one took the gold easily anyways.
Notes
Gold: Turtl
I almost didn't think I would need to replace Google Keep, which is a great app (It's even a great grocery list app), but once I uninstalled it, I realized, I did use it more than I thought. Now, don't be frightened by it's simple Markdown language (which now that I think about it, it's the simplest programming you'll probably learn. Same language I used to make this post here!). The App works good (could use a little more fine tuning but does the job, and securely!).
Pros:
- Can create a persona so as to enable secured sharing between other family/friends.
- Can save pictures, documents, passwords as well!
Cons:
- Desktop app, but I haven't fully tested it. Seems to work good, but does not auto-launch when restarting computer. I need to look into that still.
- I do use it for my grocery list still, but it's definitely not like Keeps which had checkboxes.
Silver Place: None. Really. I could not find another one that met my bar other than this one.
Browser.
Gold: Brave
This one was tough because there are many out there, but I narrowed it down to two. I really liked Firefox because it is typically the source of most updates to changes of any other open source browser out there, but eventually settled on Brave not only because it provided out of the box pre-configured security privacy settings, but it is SO easy to change the settings to individual domains at your discretion. As well, it is leading the way to providing a subscription-time-based payment system using their crypto "BAT" to pay sites, instead of you having to endure ads (I love the pioneering attempt on this). Moreover, they have a end-to end encryption client side private generated key to sync between devices of your browser history, data, etc. Unlike Google which can see all your passwords for your sites, this is private to you and to you only. Lose the backup key or don't sync it with a second device? You lose it. Firefox has a similar feature but I couldn't confirm that that solution was open source. Eitherway, it is a feature, not a necessity. All your passwords should be different and complex. I can do a post about how to remember complex unique passwords for another time. You don't need an app to do this. You have a brain. Use it.
Pros:
- Apart from what I already mentioned above, Brave is extension-free (a bonus in my opinion as you have less vulnerable points of entry and runs faster) and does the job right.
- Overall, a fantastic looking browser too. Fast and a pleasure to use.
- Multiple session tabs (awesome for those wanting to access the same service but with different accounts all in the same browser)
Cons:
- Doesn't have a sync to mobile browser yet, but it's coming they say!
- Does not have a history of recently used tabs so don't close unless you mean not to need it again for that session.
Silver Place: Firefox. (Already mentioned why above)
Data Storage
Gold: Mega
This one was tough because I couldn't find any hosted backup/cloud storage that met the bar at first (I didn't want to self-host, I'm willing to pay to have someone else deal with the care. hardware and updates that come along with that task). But eventually, one did surge. Mega comes out on top of all others because of their FULL open source clients. All others failed in this area. This is, pardon the pun, mega important. You need to be able to audit that the client is not transmitting your password back or can self-update to do this in the future. Truly unbelievable that so many others have not done this when they claim zero-knowledge encryption. Open source your clients and prove it!
Pros:
- Very good price, one of the best.
- Easy to use, lots of features.
- Public and private sharing functionality like Google Drive.
Cons:
- Their free/bonus plans have different expiration dates so don't count on the potential xGB of "free" data. I still think their plans are worth the bitcoin (yup! They accept it, making it anonymous if you use a non-identifying email address). They really only care to make money from storing your encrypted data, not anymore than that!
- If you want to upgrade your plan, there is no retroactive credit. Rather, your old plan pauses and the new on kicks in. Then when the new one expires, the old one continues.
- If you are syncing using Linux, I encountered a bug where if you have a maxed out the space on an account and are waiting to upgrade your plan, then you have about 10 minutes before it crashes. So ideally, you terminate the process until you have resolved your plan.
Silver Place: None. The others didn't meet my bar.
Gold: Tutanota
This one was hard because email is becoming outdated, as messengers are replacing all the functions that email used to give us, but there are still many services that use it to which truly does make my life way easier with those services. Like eBills. I rather still receive an un-encrypted email from them than a bill in the mail to which I can't see if I'm not physically somewhere. Post mail would defeat the purpose of using the internet in this case. Although email (SMTP) is inherently insecure, I did find a hybrid solution that allows me to connect with insecure services like utility bills, but still be able to send encrypted emails to people I know.
Pros:
- You can send fully encrypted emails to those on Tutanota
- You can send secure, but not fully encrypted emails to those outside Tutanota (Secure because when it needs to send an email with a link to the encrypted email, but because Tutanota needs to know the password to verify the recipient, you are trusting Tutanota to do this security. Ideally, each recipient signs up to Tutanota, but this is still a WAY better solution than say gmail).
- Emails sent to outside recipients are not trusted to their mailbox. Instead, they get a link to the email which means their untrusted server never gets to see or store that email. Very cool. The recipient may not like this, but they are asking you to reveal your data to an untrusted server for their convenience, which is very uncool. This could lead to them switching up their security and using tutanota to help others be more secure as well. To clarify, all the emails you send therm does sit in a personalized inbox in Tutanota, so all the emails you send them sit all together in a secure inbox.
- You can receive emails from anyone, just like your current email provider.
- You can change the password for that particular recipient if you believe that the password has being compromised.
- You can send in-secure emails just like with your current email provider.
- Paid feature includes using your own domain as well (VERY cheap plans)
- Faster browser mailbox than Gmail or Inbox!
- Free 1GB to kick. More than enough for me for a lifetime since I save my documents to my storage and not in my inbox.
Cons:
- You need to switch email service to get this security. So some transition work, but well worth it.
- You need to pay for premium features, but free plan really good still. So much so I'm only going to pay to support them, not because I need the extra features.
- No offline syncing. This was a problem for me at first, but then I realized that I should need to carry my email around with me. That is a convenience, not a necessity. The less I carry with me, the less to manage and more time for life.
Silver Place: None. The others didn't meet my bar. PGP encryption still flawed since it doesn't encrypt the header or subject line (not their fault, SMTP is not in our future).
Phone
Due to security reasons, I won't be telling you who I use as my provider for my cell number, but what I can say is that you DON'T need to own a carrier assigned one. Meaning, you can go with a data only plan (the kind they sell for tablets only) and then pay for a softphone or go with a free one. I only have it to bridge the old world with my new one and each time it rings, I have a ringer that reminds me that it is an unsecure call. I plan to transition phone number(s) out anyways. Remember, there are free plans out there that you have unlimited calling through the internet with an assigned number! And as always, make encrypted calls by default, use Signal.
Maps
So... I cheated a bit, but not quite. Open Street Maps (OSM) is a great project and in so many ways, better than Google Maps and Apple Maps (like incredible layers and very granular settings and information). But it just doesn't easily do transit information and business look up by name. Moreover, there's an array of information from a business (like hours and website) that you don't get with OSM. Those are very important to me, especially when I'm mobile. How did Google Maps make it past my bar? I don't need an account to use it if you go through a browser. The experience is nearly the same. Near anonymous use (they still can pin you to your device ID, and know who you are if they find out who uses that device ID. So they can know where I was at a point in time, which since I'm not working towards anonymity, but rather, security of my data, it's not that important to me right now. But it hinges on insecurity since a third party could get that info from Google and then use it against me. My hyper-awareness of insecure apps, leads me to question when I launch it, if I'm ok revealing to the world right now where I am and in the future. Being aware of what you give up is where the seed of change begins. As you probably read this, this is a complex part of the transition since this is not about all security or nothing. It's more about what you are willing to give up and this is my grey area which is still under scrutiny.
Payment
Cheques are so archaic, I'm not going to get into them. I do not use cash. It can be stolen or more likely, lost. So while I still only carry a credit card and/or bank card for when I need it (soon to be just one!), I make it a point to reduce third parties between my money and my recipient, like Paypal, Google Wallet, Apple Pay, or my bank app. In my books, all third parties cannot be trusted not because that they are not trustworthy, but as you remember, because I won't give up my responsibility of my privacy and security to someone up because I should be resonsible for it. They can be hacked. They don't need to be non-malicious to be a problem to you. So how do I proceed into the future with no proprietary apps like these on my mobile, and still be able to make payments with no third party in between?
Enter bitcoin.
Several wallets out there meet easily the bar, but I have two favorites: Mycelium / Airbitz. Of course, you might want something else that can handle more variety of cryptos, but I'm sticking with the long tested protocol: bitcoin. So far the gateway crypto to all other ones and the most likely to succeed as the international reserve money. Why buy silver when you can own gold? Pseudo-anonymous, fast, cheap, great crypto to hold long term and make gains (no need to trade, fellows, just HODL like a retirement fund!). It can make payments no matter where I am without consulting my bank (or my credit card. A shoutout goes to credit cards out there that decided recently where I can or can't spend my money, which is not their job!!!). Just don't spend it when the price is lower than what you bought it at. Use the other options until we are finally at the point where we don't need to carry a piece of plastic with the private key written in plain text out in the open for everyone to see, even the cameras in the ceiling! Great job, credit cards! Your security is top notch!
Other Linux/Android open source apps worth checking out:
Fruxx (Calendar sharing) - I have not tested this one, but it is on my list if I desperately need to go through the most secure, but not fully, CalDAV to share my calendar and contacts with others.
####(For the ones below, look in f-droid)
AntennaPod (Podcast player)
AnySoftKeyboard(Very configurable keyboard)
Audio Recorder (For quick personal voice notes)
Gallery (View pictures/videos)
ICSdroid (To subscribe to public calendars)
Loyalty Card Keychain (For your membership, point cards, etc.)
Open Camera (WAY more settings, more like an SLR app)
Open Note Scanner (Ugly, but does the job)
Vanilla Music (Great music player, even has extensions to capture lyrics and more)
Remember, you may not like some my solutions, if so, ask yourself why and then "is it that important"? Do you actually really really need it? Or are you trading convenience for a future insecurity to which you cannot fix until it's too late?
You might notice my list is short. That is a feature. Less apps, less distractions, more time. No more Netflix (Write to someone instead), eBooks (Read real ones), Youtube (Go outside)... although with YouTube you can search and watch it on your desktop OS anonymously through Minitube and yet still have subscriptions you can follow). Anything else, I gave it up. It wasn't that important when put it into perspective (to what I was giving up to what it was putting out for true quality of life).
PS. Want to hear a great podcast on what your attention is worth? Check out TED Radio Hour: Attention Please
Pss. Again, I encourage you to leave me comments to help correct anything I may have misconstrued here. Depending on my time, I may be able to answer some of your questions as well. If you got this far reading it, Congratulations! You are more informed now than most on every day consumer technological security. Make a change today that will help your tomorrow, and automatically helps those around you.
https://steemit.com/privacy/@drhushchak/an-investment-in-bitcoin-private-why-should-you
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Interesting. I'll comment directly on your post.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Congratulations @tbit! You have received a personal award!
1 Year on Steemit
Click on the badge to view your Board of Honor.
Do not miss the last post from @steemitboard:
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Congratulations @tbit! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Vote for @Steemitboard as a witness to get one more award and increased upvotes!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Congratulations @tbit! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Do not miss the last post from @steemitboard:
Vote for @Steemitboard as a witness to get one more award and increased upvotes!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit